Open robertdebock opened 2 years ago
I can confirm this is still happening in 2023, on
Terraform v1.4.6 on windows_amd64 provider registry.terraform.io/hashicorp/vault v3.15.2
Executing the following Terraform
provider "vault" {
address = "redacted"
auth_login {
path = "auth/approle/login"
parameters = {
role_id = "redacted"
secret_id = "redacted"
}
}
}
resource vault_token "periodic_token" {
ttl = "2m"
renewable = true
no_parent = true
period = "1m"
}
output "token" {
value = nonsensitive(vault_token.periodic_token.client_token)
}
Results in the following output
╷
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to vault_token.periodic_token, provider "provider[\"registry.terraform.io/hashicorp/vault\"]"
│ produced an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
╵
The type of token doesn't matter. I've confirmed this exact behavior no matter what kind of token is being created.
Looking at the code, this seems very likely to happen when you've got a slightly slow storage system. The token create looks like this:
func tokenCreate(d *schema.ResourceData, meta interface{}) error {
....
< create token>
....
return tokenRead(d, meta)
}
I had the same error as well, and found out that in the end the token used by terraform was lacking POST
permission on /auth/token/lookup-accessor
which is used by tokenRead()
.
(provider version 3.18.0, vault version 1.13.1)
Vault 1.14.2 provider 3.21.0
Exact same conditions leads to exact same results.
I'm using the root token to apply my terraform code, so that should not be an issue around permissions.
Also, with only changing (in the code example of the issue statement) the vault_token_auth_backend_role.dr.token_type
to service
: the code can be applied without error.
Taking all hints. Thanks.
Hi there, have the same error
Hi there,
Terraform Version
Affected Resource(s)
Please list the resources as a list, for example:
vault_token
Terraform Configuration Files
Debug Output
Gist
Expected Behavior
Was hoping a token would have been created. Manually creating a token works:
Actual Behavior
Steps to Reproduce
terraform init
terraform apply
Important Factoids
This issue can be reproduced when
vault_token_auth_backend_role .dr.token_type = "batch"
.References